National Strategy for Trusted Identities in Cyberspace
Identity in Cyberspace: Improving Trust and Driving Business via Public-Private Partnerships


1 National Strategy for Trusted Identities in Cyberspace
Identity in Cyberspace: Improving Trust and Driving Business via Public-Private Partnerships
Christopher Currens, Deputy, National Strategy for Trusted Identities in Cyberspace (NSTIC), National Institute of Standards and Technology (NIST)

2 NIST: Bird’s eye view
Courtesy HDR Architecture, Inc./Steve Hall © Hedrich Blessing G. Wheeler
The United States’ national measurement laboratory, NIST is where Nobel Prize-winning science meets real-world engineering. With an extremely broad research portfolio, world-class facilities, national networks, and an international reach, NIST works to support industry innovation – our central mission.

3 NIST’s Mission
©R. Rathe
To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

4 NIST: Basic Stats and Facts
FY 2012 Appropriations: $750.8 M
©R. Rathe
Major assets
o ~ 3,000 employees
o ~ 2,800 associates and facilities users
o ~ 1,600 field staff in partner organizations (Manufacturing Extension Partnership)
o Two locations: Gaithersburg, Md., and Boulder, Colo.
o Four external collaborative institutes: basic physics, biotech, quantum, and marine science

5 Imagine if…
Four years from now, 80% of your customers arrived at your website already holding a secure credential for identification and authentication – and you could trust this credential in lieu of your existing username/password system.
o Interoperable with your login system (you don’t have to issue credentials)
o Multi-factor authentication (no more password management)
o Tied to a robust identity proofing mechanism (you know if they are who they claim to be)
o With baked-in rules to limit liability and protect privacy

6 What would this mean…
For Security and Loss Prevention?
o 5 of the top 6 vectors of attack in 2011 data breaches tied to passwords
o The number of Americans impacted by data breaches rose 67% from 2010 to 2011
o Weak identity systems fuel online fraud, make it impossible to know who is a “dog on the Internet”
For Reducing Friction in Online Commerce?
o Today, 75% of customers will avoid creating new accounts. 54% leave the site or do not return
o Today, 45% of consumers will abandon a site rather than attempt to reset their passwords or answer security questions

7 Trust matters to online business
o $2 Trillion: The total projected online retail sales across the G20 nations in 2016
o $2.5 Trillion: What this number can grow to if consumers believe the Internet is more worthy of their trust
o $1.5 Trillion: What this number will fall to if Trust is eroded
Source: Rethinking Personal Data: Strengthening Trust. World Economic Forum, May 2012.

8 An “Identity Ecosystem”
The foundation of enhanced online trust, reduced fraud and better customer experiences.
A voluntary, public-private partnership is forming to create it – but voluntary models don’t succeed unless people volunteer

9 The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.
January 1, 2016
o Apply for mortgage online with e-signature
o Trustworthy critical service delivery
o Security ‘built-into’ system to reduce user error
o Privately post location to her friends
o Secure Sign-On to state website
o Online shopping with minimal sharing of PII

10 The government is here to help…seriously

11 What is NSTIC?
Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.”
Guiding Principles
o Privacy-Enhancing and Voluntary
o Secure and Resilient
o Interoperable
o Cost-Effective and Easy To Use
NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”

12 The Problem Today
Usernames and passwords are broken
o Most people have 25 different passwords, or use the same one over and over
o Even strong passwords are vulnerable…criminals have many paths to easily capture “keys to the kingdom”
o Rising costs of identity theft
  – 11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion
  – 67% increase in # of Americans impacted by data breaches in 2011 (Source: Javelin Strategy & Research)
o A common vector of attack
  – Sony Playstation, Zappos, Lulzsec, Infragard among dozens of 2011-12 breaches tied to passwords.

13 The Problem Today
o 2011: 5 of the top 6 attack vectors are tied to passwords
o 2010: 4 of the top 10
Source: 2012 Data Breach Investigations Report, Verizon and USSS

14 The Problem Today
Identities are difficult to verify over the internet
o Numerous government services still must be conducted in person or by mail, leading to continual rising costs for state, local and federal governments
o Electronic health records could save billions, but can’t move forward without solving authentication challenge for providers and individuals
o Many transactions, such as signing an auto loan or a mortgage, are still considered too risky to conduct online due to liability risks
New Yorker, July 5, 1993; New Yorker, September 12, 2005; Rob Cottingham, June 23, 2007

15 The Problem Today
Privacy remains a challenge
o Individuals often must provide more personally identifiable information (PII) than necessary for a particular transaction
  – This data is often stored, creating “honey pots” of information for cybercriminals to pursue
o Individuals have few practical means to control use of their information

16 Privacy: Increasingly Complex as Volumes of Personal Data Grow
Source: World Economic Forum, “Rethinking Personal Data: Strengthening Trust,” May 2012

17 Trusted Identities provide a foundation
Economic benefits Improved privacy standards Enhanced security TRUSTED IDENTITIES Fight cybercrime and identity theft Increased consumer confidence Offer citizens more control over when and how data is revealed Share minimal amount of information Enable new types of transactions online Reduce costs for sensitive transactions Improve customer experiences

18 We've proven that Trusted Identities matter
DoD Led the Way
o DoD network intrusions fell 46% after it banned passwords for log-on and instead mandated use of the CAC with PKI.
But Barriers Exist
o High assurance credentials come with higher costs and burdens
o They’ve been impractical for many organizations, and most single-use applications.
o Metcalfe’s Law applies – but there are barriers (standards, liability, usability) today that the market has struggled to overcome.

19 What does NSTIC call for?
Private sector will lead the effort
o Not a government-run identity program
o Private sector is in the best position to drive technologies and solutions…
o …and ensure the Identity Ecosystem offers improved online trust and better customer experiences
Federal government will provide support
o Help develop a private-sector led governance model
o Facilitate and lead development of interoperable standards
o Provide clarity on national policy and legal framework around liability and privacy
o Fund pilots to stimulate the marketplace
o Act as an early adopter to stimulate demand

20 How is NSTIC different?
We’re in a different time.
Needed technologies are more mature.
Realization that government working alone is not in the best position to define business models.
Window of opportunity
o Companies and industry organizations say we need something better.
o The White House provides a thoughtful strategy that emphasizes ownership by the private sector.
o Our role is to convene and help address existing barriers.

21 Our Implementation Strategy

22 We don’t want to boil the ocean.

23 Let’s go surfing where the waves are…

24 Next Steps....updates
Convene the Private Sector
o Awarded a 2-year grant to fund a privately-led Steering Group to convene stakeholders and craft standards and policies to create an Identity Ecosystem Framework
o Held first meeting of the Identity Ecosystem Steering Group
Select Pilots
o FFO published in early 2012 for $9-10M NSTIC pilots grant program
o Awards expected by mid-September 2012
o Challenge-based approach focused on addressing barriers the marketplace has not yet overcome
Government as an early adopter to stimulate demand
o Ensure government-wide alignment with the Federal Identity, Credential, and Access Management (FICAM) Roadmap
o New White House initiated effort to create a Federal Cloud Credential Exchange (FCCX)

25 The Secretariat: Trusted Federal Systems
On July 12, NIST announced Trusted Federal Systems or TFS as the awardee of a two-year grant to convene the private sector-led Identity Ecosystem Steering Group (IESG) and serve as the group’s administrative arm as it tackles the wide range of policy and technical challenges associated with crafting an Identity Ecosystem Framework.
Additionally, TFS will facilitate collaboration among multiple stakeholders to help drive the creation of consensus standards and best practices that can advance national priorities.
Learn more about the Identity Ecosystem Steering Group, including how you can participate: http://www.idecosystem.org/ (next meeting in Washington, D.C. on October 29-30, 2012)

26 It Now Exists!
Identity Ecosystem Steering Group
Source: Phil Wolff, http://www.flickr.com/photos/philwolff/7789263898/in/photostream

27 The Identity Ecosystem Steering Group

28 Highlights of Initial IDESG Meeting (August 15-16)
Nearly 400 participants; more than 800 signed up for future participation.
Over 300 different companies and organizations.
Representatives from UK, Australia, EU, NZ, Canada, Japan.
Elected Plenary Chair (Bob Blakley/Citi) and Management Council Chair (Brett McDowell/PayPal); Elected 16 delegates to Management Council
Approved draft charter and bylaws for a 90-day provisional period; established a tiger team to perfect them.
Stood up working groups and/or committees on topics including:
o Standards
o Policy
o Privacy
o Usability
o Security
o Accreditation
o Health Care
o Financial Sector
o International Coordination

29 NSTIC National Program Office (NPO)
Most of the work will be done in the IDESG standing committees/working groups.
Now that private-sector leadership has been elected, NPO is just one of many stakeholders.
NPO will look to encourage and facilitate progress in the private sector.
NPO will still play a large role with the NSTIC pilot program
o In mid-September, the office will announce the winners for the first round of NSTIC pilot grants
o The federal funding opportunity NIST issued in February received 186 applications, which were whittled down to 27 finalists.

30 NSTIC Pilot Projects
Great response
o 186 abbreviated proposals received
o 27 finalists selected to submit full proposals
o NIST will soon announce approx. $10M in grant awards
Awardees will pilot solutions that increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information
Pilots advance NSTIC vision that individuals adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation
The pilots seek to catalyze a new marketplace, spanning multiple sectors, and demonstrate new solutions, models or frameworks that do not exist today

31 NSTIC Pilot Projects
American Association of Motor Vehicle Administrators (AAMVA) (Va.)
o Partner with the Virginia Department of Motor Vehicles to allow state residents to access online services
Criterion Systems (Va.)
o Allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience
Daon, Inc. (Va.)
o Employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability
Resilient Network Systems, Inc. (Calif.)
o Demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network
University Corporation for Advanced Internet Development (Va.)
o Partner with multiple universities to develop a consistent and robust privacy infrastructure and to encourage the use of multifactor authentication and other technologies

32 What Your Firms Can Do
Participate
o TALK: about the value of NSTIC to leaders in your firm
o SUPPORT: NSTIC Pilots by volunteering to be a relying party
o JOIN: the Identity Ecosystem Steering Group…next meeting in Washington, D.C. on October 29-30, 2012 (www.idecosystem.org)
Be early adopters
o Leverage trusted identities to move more services online
o Consider ways to support identity and credentialing in partnership with trusted third parties
Give us your ideas!
o You are a key partner, we want to hear from you

33 Questions?
Christopher Currens
currens@nist.gov
301.975.8503
www.nist.gov/nstic
Identity Ecosystem Steering Group
www.idecosystem.org
idecosystem@trustedfederal.com

